Security Management Solutions
Wazuh
Website. Install Wazuh in a Docker container:
git clone https://github.com/wazuh/wazuh-docker.git -b v4.14.2
cd wazuh-docker/single-node/
If you are using SELinux, add a :z after each volume so SELinux does
not complain:
volumes:
- ./config/wazuh_indexer_ssl_certs/:/certificates/:z
- ./config/certs.yml:/config/certs.yml:z
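The SELinux note above, automated as an added example (not part of the original notes or of the wazuh-docker project): a POSIX shell function, here given the hypothetical name add_selinux_z, that appends the z option to short-syntax volume entries under each service's volumes: key and leaves entries that already carry z or Z untouched. The sample Compose text is constructed.

```shell
#!/bin/sh
# Added example, not from the wazuh-docker repository: append the SELinux
# relabel option "z" to short-syntax volume entries of a Compose file.
# Usage: add_selinux_z < generate-indexer-certs.yml > generate-indexer-certs.selinux.yml
add_selinux_z() {
  awk '
    function indent(s) { match(s, /^ */); return RLENGTH }
    function relabel(line,    prefix, spec, q, n, parts) {
      match(line, /^ *- +/)
      prefix = substr(line, 1, RLENGTH)
      spec = substr(line, RLENGTH + 1)
      sub(/[ \t]+$/, "", spec)
      # Long syntax ("type: bind") and inline comments contain blanks: skip.
      if (spec ~ /[ \t]/) return line
      q = substr(spec, 1, 1)
      if (q == "\"" || q == "\047") {          # quoted entry: edit inside the quotes
        if (length(spec) < 2 || substr(spec, length(spec)) != q) return line
        spec = substr(spec, 2, length(spec) - 2)
      } else q = ""
      n = split(spec, parts, ":")
      if (n == 2) return prefix q spec ":z" q              # SRC:DST
      if (n == 3 && ("," parts[3] ",") !~ /,[zZ],/)        # SRC:DST:OPTS
        return prefix q spec ",z" q
      return line                              # already labelled, or no SRC:DST pair
    }
    in_vol {
      if ($0 ~ /^[ \t]*(#.*)?$/) { print; next }           # blank line or comment
      ind = indent($0)
      if ($0 ~ /^ *- / && ind >= vol_ind) { print relabel($0); next }
      if (ind > vol_ind) { print; next }                   # long-syntax fields
      in_vol = 0                                           # the list has ended
    }
    # Indented keys only: the top-level "volumes:" declares named volumes.
    /^ +volumes:[ \t]*$/ { in_vol = 1; vol_ind = indent($0); print; next }
    { print }
  '
}

# Constructed sample input (service and image names are made up).
SAMPLE_COMPOSE='services:
  generator:
    image: example/certs-generator
    volumes:
      - ./config/wazuh_indexer_ssl_certs/:/certificates/
      - ./config/certs.yml:/config/certs.yml:ro
      - "./config/extra:/extra"
    hostname: certs-generator
volumes:
  indexer_data:'

printf '%s\n' "$SAMPLE_COMPOSE" | add_selinux_z
```

Docker's lowercase z applies a label that containers can share, while Z makes the content private to one container.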
First you need to generate the certificate, then you can deploy the
server. Use sudo because the container needs to bind to the network
interface.
sudo docker compose -f generate-indexer-certs.yml run --rm generator
sudo docker compose up -d
You can finally connect to the interface and start using the manager:
https://<DOCKER_HOST_IP>
- Username: admin
- Password: SecretPassword
These are the repository defaults; change them before exposing the dashboard.
For configuration, check the file /var/ossec/etc/ossec.conf.
PS: there is a dark mode in Dashboard Management > Advanced Settings.
Useful panels
- Endpoint security > Configuration Assessment: correct configuration
- Threat Intelligence > Vulnerability Detection: CVEs
- Threat Intelligence > Threat Hunting: live monitor activity
- Security operations > IT Hygiene: general overview of the system